/**
 * Promotes one version of a crypto key to be that key's primary version.
 *
 * <p>This changes key state, not just local data: the request is sent to Cloud KMS using
 * whatever credentials {@code KeyManagementServiceClient.create()} resolves.
 * NOTE(review): the primary version is presumably the one the service uses when a caller
 * encrypts against the CryptoKey name, so treat this call as a rotation step, restrict who
 * may invoke it and review it in audit logs. Confirm against the service documentation.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring that holds the crypto key
 * @param cryptoKeyId crypto key whose primary version is changed
 * @param versionId identifier of the version to promote; passed to the service as given
 * @return the CryptoKey returned by the update call
 * @throws IOException if the KMS client cannot be created or closed
 */
public static CryptoKey setPrimaryVersion(
    String projectId, String locationId, String keyRingId, String cryptoKeyId, String versionId)
    throws IOException {
  // try-with-resources closes the client on every exit path, including exceptions.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Build the CryptoKey resource name and ask the service to switch its primary version.
    return kms.updateCryptoKeyPrimaryVersion(
        CryptoKeyName.format(projectId, locationId, keyRingId, cryptoKeyId), versionId);
  }
}
/**
 * Encrypts a byte array with the named Cloud KMS crypto key and returns the ciphertext.
 *
 * <p>The request names the CryptoKey, not a specific CryptoKeyVersion. No integrity check is
 * performed on the request or the response in this method.
 * NOTE(review): the Encrypt API exposes CRC32C checksum fields for the plaintext and the
 * ciphertext. Consider setting and verifying them so corruption in transit is detected
 * before the ciphertext is stored.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring that holds the crypto key
 * @param cryptoKeyId crypto key to encrypt with
 * @param plaintext bytes to encrypt; the array is copied before it is sent
 * @return the ciphertext bytes from the service response
 * @throws IOException if the KMS client cannot be created or closed
 */
public static byte[] encrypt(
    String projectId, String locationId, String keyRingId, String cryptoKeyId, byte[] plaintext)
    throws IOException {
  // try-with-resources closes the client on every exit path, including exceptions.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Fully qualified name of the CryptoKey that performs the encryption.
    final String cryptoKeyPath =
        CryptoKeyName.format(projectId, locationId, keyRingId, cryptoKeyId);

    // ByteString.copyFrom takes a copy, so later changes to the caller's array do not
    // affect the request.
    final ByteString payload = ByteString.copyFrom(plaintext);

    // Send the request and hand back only the ciphertext bytes.
    final EncryptResponse encrypted = kms.encrypt(cryptoKeyPath, payload);
    return encrypted.getCiphertext().toByteArray();
  }
}
// [END kms_encrypt]
/**
 * Decrypts ciphertext with the named Cloud KMS crypto key and returns the plaintext.
 *
 * <p>The returned array holds the recovered plaintext. Callers should keep it out of logs and
 * error messages and overwrite it once it is no longer needed. This method performs no
 * integrity check on the response.
 * NOTE(review): the Decrypt API exposes CRC32C checksum fields. Consider verifying them
 * before trusting the plaintext.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring that holds the crypto key
 * @param cryptoKeyId crypto key to decrypt with
 * @param ciphertext bytes to decrypt; the array is copied before it is sent
 * @return the plaintext bytes from the service response
 * @throws IOException if the KMS client cannot be created or closed
 */
public static byte[] decrypt(
    String projectId, String locationId, String keyRingId, String cryptoKeyId, byte[] ciphertext)
    throws IOException {
  // try-with-resources closes the client on every exit path, including exceptions.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Fully qualified name of the CryptoKey that performs the decryption.
    final String cryptoKeyPath =
        CryptoKeyName.format(projectId, locationId, keyRingId, cryptoKeyId);

    // Copy the caller's bytes into the request payload.
    final ByteString payload = ByteString.copyFrom(ciphertext);

    // Send the request and hand back only the plaintext bytes.
    final DecryptResponse decrypted = kms.decrypt(cryptoKeyPath, payload);
    return decrypted.getPlaintext().toByteArray();
  }
}
// [END kms_decrypt]
/**
 * Fetches the IAM policy attached to a crypto key.
 *
 * <p>This is a read-only call: the policy is returned as received and nothing is modified
 * or written back. The result shows which members hold which roles on the key, which makes
 * it a useful input for access reviews.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring that holds the crypto key
 * @param cryptoKeyId crypto key whose policy is read
 * @return the IAM policy returned by the service
 * @throws IOException if the KMS client cannot be created or closed
 */
public static Policy getCryptoKeyPolicy(
    String projectId, String locationId, String keyRingId, String cryptoKeyId)
    throws IOException {
  // try-with-resources closes the client on every exit path, including exceptions.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // The policy is looked up by the CryptoKey's resource name, not by a version name.
    return kms.getIamPolicy(
        CryptoKeyName.format(projectId, locationId, keyRingId, cryptoKeyId));
  }
}
// [END kms_get_cryptokey_policy]
/**
 * Collects every version of a crypto key into a list.
 *
 * <p>All pages of the listing are read and held in memory before the method returns.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring that holds the crypto key
 * @param cryptoKeyId crypto key whose versions are listed
 * @return a mutable list of the versions, in the order the service returned them
 * @throws IOException if the KMS client cannot be created or closed
 */
public static List<CryptoKeyVersion> listCryptoKeyVersions(
    String projectId, String locationId, String keyRingId, String cryptoKeyId)
    throws IOException {
  // try-with-resources closes the client on every exit path, including exceptions.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Resource name of the CryptoKey that is the parent of the versions.
    final String cryptoKeyPath =
        CryptoKeyName.format(projectId, locationId, keyRingId, cryptoKeyId);

    // First page of the listing; iterateAll() fetches the following pages on demand.
    final ListCryptoKeyVersionsPagedResponse pages = kms.listCryptoKeyVersions(cryptoKeyPath);

    final List<CryptoKeyVersion> versions = new ArrayList<>();
    pages.iterateAll().forEach(versions::add);
    return versions;
  }
}
/**
 * Creates a new version under the given crypto key.
 *
 * <p>The version is requested with an empty {@code CryptoKeyVersion} message, so every
 * setting is left to the service. This method does not change which version is primary;
 * the only call it makes is the create request.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring that holds the crypto key
 * @param cryptoKeyId crypto key that receives the new version
 * @return the CryptoKeyVersion returned by the service
 * @throws IOException if the KMS client cannot be created or closed
 */
public static CryptoKeyVersion createCryptoKeyVersion(
    String projectId, String locationId, String keyRingId, String cryptoKeyId)
    throws IOException {
  // try-with-resources closes the client on every exit path, including exceptions.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Resource name of the parent CryptoKey.
    final String parentKeyPath =
        CryptoKeyName.format(projectId, locationId, keyRingId, cryptoKeyId);

    // Empty template: no fields are set on the version being requested.
    final CryptoKeyVersion template = CryptoKeyVersion.newBuilder().build();

    return kms.createCryptoKeyVersion(parentKeyPath, template);
  }
}
// [END kms_create_cryptokey_version]
String keyName = CryptoKeyName.format(projectId, locationId, keyRingId, cryptoKeyId);
String keyName = CryptoKeyName.format(projectId, locationId, keyRingId, cryptoKeyId);